70 matches found

Check Point Advisories
added 2016/11/02 12:0 a.m., 2 views

Black Hole Exploit Kit Website Redirection

Black Hole Exploit Kit is a web exploit kit that operates by delivering a malicious payload to the victim's computer. Remote attackers can infect users with Black Hole EK by redirecting them to a malicious web page. Successful infection will allow the attacker to download additional...

AI score: 4.1
Exploits: 0

ThreatPost
added 2016/07/28 8:58 a.m., 13 views

LastPass Patches Ormandy Remote Compromise Flaw

LastPass has patched a vulnerability in its Firefox add-on found by Google Project Zero researcher Tavis Ormandy that allows attackers complete remote compromise of the password manager. The divisive Ormandy submitted a bug report on Tuesday to LastPass after a series of tweets hinting at serio...

AI score: 7.2
Exploits: 0, References: 6

BDU FSTEC
added 2016/07/05 12:0 a.m., 4 views

Internet Explorer vulnerability allowing an attacker to execute arbitrary code or cause a denial of service

Internet Explorer contains a use-after-free vulnerability (use of memory after it has been released) when working with the CAttrArray object. Exploiting this vulnerability allows remote attackers to execute arbitrary code or cause a denial of service through a speciall...

CVSS: 9.3, AI score: 5.9, EPSS: 0.20344
Exploits: 1, References: 3, Affected Software: 1

BDU FSTEC
added 2016/06/17 12:0 a.m., 3 views

Google Chrome vulnerability allowing an attacker to circumvent existing access restriction policies

The vulnerability in the WebKit/Source/core/css/StyleSheetContents.cpp file of the Google Chrome browser’s Blink component is related to errors in CSS style sheet access control. Exploiting this vulnerability could allow a malicious actor to circumvent existing access restrictions by using a...

CVSS: 4.3, AI score: 6.7, EPSS: 0.01127
Exploits: 0, References: 4, Affected Software: 1

exploitpack
added 2016/06/06 12:0 a.m., 17 views

WordPress Plugin WP Mobile Detector 3.5 - Arbitrary File Upload

WordPress Plugin WP Mobile Detector 3.5 - Arbitrary File Upload Exploit Title: WP Mobile Detector =3.5 Arbitrary File upload Google Dork: inurl: /wp-includes/plugins/wp-mobile-detector Date: 1-06-2015 Exploit Author: Aaditya Purani Author Details: https://aadityapurani.com Vendor:...

AI score: 7.3
Exploits: 0

seebug.org
added 2015/10/10 12:0 a.m., 21 views

74cms user_invited.php SQL injection

Register an enterprise account, fill in the company information, then publish a job posting. Then visit the URL below. http://demo.74cms.com/user/userinvited.php?id=1&act=invited The id parameter is injectable. Because Safedog is in place, and gets blocked, so we use && and || instead. http://demo.74cms.com/user/userinvited.php?id=1%20||%201&act=invited Code /user/userinvited.php:191: $row = $db-getone"select from ".table'companydownresume'." where...

AI score: 7.1
Exploits: 0

seebug.org
added 2015/08/03 12:0 a.m., 24 views

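Discuz unauthorized reply, second method (replying to threads without permission)

Brief description: An alternative, second variant. Details: www.hegouvip.com runs dz 3.1. Non-members cannot reply in the members-only section. Look here: the share feature. We use it, making sure in particular to tick "reply at the same time", and it succeeds. Now it works. Proof of vulnerability: img src="https://images.seebug.org/upload/201506/2910381641d85816d2d574699a34a9a8aefe3d43.png" alt="5.png" width="600" onerror="javas...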

AI score: 7.1
Exploits: 0

Vulnrichment
added 2015/02/11 2:0 a.m., 3 views

CVE-2015-0071

Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass Vulnerability."...

AI score: 6.2, EPSS: 0.33581
Exploits: 0, References: 3

wpexploit
added 2014/09/28 12:0 a.m., 7 views

NativeChurch Theme - Arbitrary File Download

Description The NativeChurch WordPress theme was affected by an Arbitrary File Download security vulnerability. https://example.com/wp-content/themes/NativeChurch/download/download.php?file=../../../../wp-config.php...

AI score: 7.2
Exploits: 0, References: 3

seebug.org
added 2014/07/01 12:0 a.m., 7 views

Microsoft Internet Explorer 6.0 TriEditDocument Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/18946/info Microsoft Internet Explorer is prone to a denial-of-service vulnerability. This issue is triggered when an attacker convinces a victim user to visit a malicious website. Remote attackers may exploit this issue ...

AI score: 7.1
Exploits: 0

ThreatPost
added 2014/05/21 2:4 p.m., 26 views

Another Internet Explorer Zero Day Surfaces

Researchers have disclosed a new zero day vulnerability in Internet Explorer 8 that could enable an attacker to run arbitrary code on vulnerable machines via drive-by downloads or malicious attachments in email messages. The vulnerability was discovered and disclosed to Microsoft in October, but...

CVSS: 10, AI score: 1.3, EPSS: 0.88013
Exploits: 1, References: 2

wpexploit
added 2014/04/25 12:0 a.m., 14 views

Ultimate Weather Plugin <= 1.0 - Unauthenticated Reflected XSS

The last time it was checked the plugin was still affected and had been closed. http://www.example.com/wp-content/plugins/ultimate–weather–plugin/magpierss/scripts/magpiedebug.php?url=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E...

CVSS: 4.3, AI score: 1.8, EPSS: 0.03686
Exploits: 2, References: 1

Check Point Advisories
added 2014/03/11 12:0 a.m., 2 views

Microsoft Internet Explorer Memory Corruption (MS14-012; CVE-2014-0303)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory. A remote attacker can exploit this issue by enticing a victim to view a specially crafted website with an affecte...

AI score: 4.9, EPSS: 0.20344
Exploits: 1

seebug.org
added 2014/03/10 12:0 a.m., 24 views

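PyroCMS "email" cross-site scripting vulnerability

PyroCMS is a content management system. Because input passed to the "email" POST parameter in index.php/register is not properly filtered before being returned to the user, an attacker can exploit the vulnerability to execute arbitrary HTML and script code in a user's browser session in the context of the affected site. 0 PyroCMS 2.2.3 The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's homepage for the latest version: https://www.pyrocms.com/...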

AI score: 7.1
Exploits: 0

Packet Storm
added 2013/01/04 12:0 a.m., 15 views

ICEstate SQL Injection

ICEstate Real Estate Marketplace SQL Injection Vulnerability. Discovered: cr4wl3r. Site: http://bastardlabs.info. Download:...

AI score: 7.4
Exploits: 0

exploitpack
added 2013/01/02 12:0 a.m., 28 views

e107 1.0.1 - Arbitrary JavaScript Execution (via Cross-Site Request Forgery)

e107 1.0.1 - Arbitrary JavaScript Execution via Cross-Site Request Forgery Exploit Title: e107 v1.0.1 Administrator CSRF Resulting in Arbitrary Javascript Execution Google Dork: intext:"This site is powered by e107" Date: 01/01/13 Exploit Author: Joshua Reynolds Vendor Homepage: http://e107.org...

CVSS: 6.8, AI score: 1.1, EPSS: 0.01957
Exploits: 6

seebug.org
added 2012/09/20 12:0 a.m., 40 views

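Joomla!/Mambo FCKeditor module 'Connector' local file inclusion vulnerability

Bugtraq ID: 55563 Mambo / Joomla are popular content management systems. The fckeditor module included with Mambo / Joomla does not properly filter data submitted to the 'Connector' parameter, so directory traversal sequences can be used to view system file contents with the web server's privileges. 0 mambo /joomla fckeditor Vendor solution: no detailed solution is currently available: http://www.joomla.org/ http://www.mambo-foundation.com/...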

AI score: 7.1
Exploits: 0

Exploit DB
added 2012/01/31 12:0 a.m., 35 views

4Images 1.7.10 - '/admin/categories.php?cat_parent_id' SQL Injection

source: https://www.securityfocus.com/bid/51774/info 4images is prone to multiple input-validation vulnerabilities including: 1. A cross-site scripting vulnerability. 2. An open-redirection vulnerability. 3. An SQL-injection vulnerability. An attacker may leverage these issues to perform spoofing...

AI score: 7.4
Exploits: 0

Packet Storm
added 2012/01/24 12:0 a.m., 26 views

DirectAdmin Cross Site Request Forgery

!/usr/bin/perl Title : DirectAdmin Web Control Panel © 2005 JBMC Software Author : Onur TÜRKEŞHAN Homepage : http://www.directadmin.com/ tested on : Windows 7 We will not forget you MIRIM- system"cls"; print " +----------------------------------------+\n | directadmin csrf vuln creator by turkeshan |...

AI score: 1.1
Exploits: 0

Packet Storm
added 2011/11/12 12:0 a.m., 29 views

Shockwave.com Cross Site Scripting

Exploit Title: shockwave.com Cross Site Scripting Vulnerability Date: 12/11/2011 - 04:00am Author: Ryuzaki Lawlet Website: http://jusryuz.blogspot.com Tested On: WinXP Platform: - Email: [email protected] $ Vulnerable : http://www.domain.com/search.jsp?q= $ Preview Sites:...

AI score: 7.4
Exploits: 0